Privacy Policy

The Service is designed to operate with minimal personal data. The primary category of sensitive information processed is OAuth access tokens (and related refresh or session artifacts) for the platforms you connect — specifically, where applicable, TikTok, YouTube (Google), Instagram (Meta), and LinkedIn— so the Service can publish content on your behalf when you configure it to do so. Depending on how you run the software, tokens may be stored on infrastructure you control (for example, on your own machine or deployment environment).

When you use AI features, prompts and generated outputs may be processed by OpenAIin accordance with their policies. We do not operate a marketing data warehouse for end-user profiling inside this project's scope.

We do not sell your personal information. We do not share OAuth tokens or content with unrelated third parties for their own advertising or data-brokerage purposes. Data is shared only as needed to provide features you enable (for example, calling a platform's official APIs to upload a video, or calling OpenAI to generate a script), and with service providers you choose by configuring integrations.

OAuth tokens are stored so the Service can refresh sessions and publish when you request it. In typical self-hosted or local deployments, tokens are stored locally under your control. You may revoke access at any time through the platform's account settings (see below), which effectively stops future publishing even if a copy of a token had previously existed in your environment.

To request deletion of operational data held by the operator in contexts where the operator processes data on your behalf, contact us at the email below. We will respond in a reasonable timeframe consistent with applicable law.

The Service integrates with third-party APIs and services, including but not limited to: TikTok API, YouTube API, Instagram Graph API, LinkedIn API, and OpenAI API. Each provider processes information under its own terms and privacy policy. We encourage you to review those documents before authorizing access.

You can revoke the Service's access at any time using each platform's security or "apps and websites" settings (for example, disconnecting the app, revoking tokens, or removing OAuth consent). You can also stop running the Service and delete local configuration files or secrets from your deployment environment.

Depending on your jurisdiction, you may have additional rights regarding access, correction, objection, or portability. Contact us if you need assistance related to those rights for data we control.

You are responsible for securing your devices, secrets, and deployment configuration. Follow platform best practices for OAuth, least-privilege scopes, and secret storage (for example, environment variables or a secure vault). No method of transmission or storage is perfectly secure; use caution especially on shared machines.

The Service is not directed to children under 13 (or the minimum age required in your region), and we do not knowingly collect personal information from children for this project.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. Material changes may be communicated through release notes or other reasonable channels where available.

Privacy questions: juanmalabs@gmail.com